Return-Path: Delivered-To: apmail-perl-modperl-archive@www.apache.org Received: (qmail 21967 invoked from network); 7 Jul 2006 17:10:29 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 7 Jul 2006 17:10:29 -0000 Received: (qmail 72813 invoked by uid 500); 7 Jul 2006 17:10:18 -0000 Delivered-To: apmail-perl-modperl-archive@perl.apache.org Received: (qmail 72553 invoked by uid 500); 7 Jul 2006 17:10:17 -0000 Mailing-List: contact modperl-help@perl.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list modperl@perl.apache.org Received: (qmail 72537 invoked by uid 99); 7 Jul 2006 17:10:17 -0000 Received-SPF: pass (hermes.apache.org: local policy) Received: from [66.236.219.70] (HELO piccollo.p6m7g8.net) (66.236.219.70) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 07 Jul 2006 10:10:17 -0700 Received: from [172.28.57.204] (office4.tmcs.net [209.104.55.5]) (authenticated bits=0) by piccollo.p6m7g8.net (8.13.6/8.13.6) with ESMTP id k67H8fM4041427 (version=TLSv1/SSLv3 cipher=DHE-DSS-AES256-SHA bits=256 verify=NO); Fri, 7 Jul 2006 13:08:42 -0400 (EDT) (envelope-from pgollucci@p6m7g8.com) Message-ID: <44AE9510.1080009@p6m7g8.com> Date: Fri, 07 Jul 2006 10:08:32 -0700 From: "Philip M. Gollucci" Organization: P6M7G8 Inc. User-Agent: Thunderbird 1.5 (X11/20060313) MIME-Version: 1.0 To: Heiko Weber CC: modperl@perl.apache.org Subject: Re: Apache mod_perl Insecure dependency RegistryCooker.pm References: <200607071206.18686.heiko@wecos.de> In-Reply-To: <200607071206.18686.heiko@wecos.de> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N Heiko Weber wrote: > Sure, I know what "perl taint" is ... so somewhere in my own written cgi-code > I must use a taited variable. But how to find the line of code ? In the > errorlog there only the above line, no more deeper/detailed info. I didn't > find a way to detect the place where I didn't check parameter from CGI - and > there are a lot of lines ... Try adding to a startup.pl use Carp; $SIG{__DIE__} = sub { confess shift }; $SIG{__WARN__} = \&Carp::cluck; -- ------------------------------------------------------------------------ Philip M. Gollucci (pgollucci@p6m7g8.com) 323.219.4708 Consultant / http://p6m7g8.net/Resume/resume.shtml Senior Software Engineer - TicketMaster - http://ticketmaster.com 1024D/A79997FA F357 0FDD 2301 6296 690F 6A47 D55A 7172 A799 97F "It takes a minute to have a crush on someone, an hour to like someone, and a day to love someone, but it takes a lifetime to forget someone..."